Fraud and Other Childhood Pasttimes
by Shawn FitzGerald
I recently finished reading Masters of Deception: The Gang the
Ruled Cyberspace. This was about the members of MOD (Masters of
Deception) and LOD (Legion of Doom), focusing mostly on MOD. It
got me thinking about my by-gone days as a cracker-script-kiddie-poseur
type person. Mostly, I phreaked, and I was probably about half as
good at it as anyone could be. The crap I knew would never have
gotten me into MOD, though I'm pretty sure if I could have met Phiber
or Scorp on the street (maybe at one of those 2600 meetings...)
I would have been able to learn enough from them to be dangerous.
Of course, I had no way to get to New York. This piece isnt
a review of that book, though I recommend it if you find any of
this interesting. Its by Michelle Slatalla and Joshua Quittner.
Keep in mind as you read this that Ive used terms in the
context of the time. I would never call the script kiddie that keeps
trying to take down my DNS a hacker. Real hackers are
people who whack away at code all day long and are performing a
valuable service. The web server software that delivers half the
web pages you look at was written by real hackers.
I learned enough on my own to be dangerous only to myself. I never
whacked 950 extenders, and god help me I never was so stupid as
to use a raped ATT or Sprint number. But, I did scan NUAs on Tymnet
quite a bit. Took me a whole week of trading and running extender
hacks to get a copy of NUA Scanner, which had only recently been
finished by the guy writing it. For some reason I'm thinking it
was by Dr. Dissector, though hell, this was years ago.
I've been looking for some of those old programs that I would run
in the wee hours of the morning on my 8088 Sears-special IBM clone.
The processor on that thing would TURBO to 10Mhz (its base speed
was 4.77Mhz) and had a ripping 10MB hard drive. I would run extenders
(with a proggie called "Fuckin Hacker"), NUAs, and occasionally
war dialing (also with Fuckin Hacker...that app owned) my local
extensions looking for carriers. Mostly, the war dialing wouldn't
pay off, I'd end up with a list of stupid fax machines. Can't do
much with a fax machine, well, except send faxes to it.
I got hooked up calling VMBs all over the place. If the number
wasn't toll free on the VMB, I'd scam an extender then call it from
a pay phone. A VMB was just a voice mail box. This was in the mid
80s, and electronic voice mail was fairly uncommon. Certain
companies would have voice mail for their employees, and people
would hack the mail boxes and take them over for a while. The sad
thing is that many of them would be good for days and days, which
shows you how often people would check their voice mail. Someone
would hack a VMB, then use it to gather and distribute info. I knew
this guy named Stalker, who would change his VMB message every day.
He'd mostly post long distance codez, but every so often he'd share
a system or two with a login and password. Then, other guys would
leave voice messages with other codez and info, which would go up
on the next days message. VMBs were one of the best ways to get
codes, but you'd better only use them the day you got them. There
was a pretty good chance that once they were up on a VMB they were
already stale, which means the poster had already used it for a
bit and didn't want the heat on it anymore.
Actually, I would do this kind of thing on purpose. I'd run extenders
all night and end up with maybe 2-8 codez in my result file the
next morning. I'd use each one of these codez for about two, maybe
three calls, then I would post the codez to a BBS or two, as well
as a VMB. This would ensure that the code would get hammered beyond
belief, so my one or two calls on it wouldn't look that odd once
the provider was on to the fact that it had been hacked.
Things didn't start getting hairy (or scary) for me until I started
hanging on the New York boards. This is pretty much where all of
the serious shit went down. There were hackers up the wazoo in NY.
Many of the boards in NY I was on had ties to MOD, or at least the
sysops claimed to have ties to MOD. They were probably lying. I
know I never ran into Phiber on any board.
I used to go by the handle Zoso quite a bit. It was a pretty lame
handle, but I thought it was clever at the time. (It comes from
the first symbol on the Led Zeppelin IV album cover) Things got
weird for me when some lamer in Ann Arbor posted to a bunch of boards
where I had a good reputation that I was a judge. I immediately
got my access tossed in most of the places where I was considered
cool (or, excuse me, Elite (people didn't start spelling it '31337'
until later)(you want to know secret 'hacker code'? Then type nothing
but 31337 into a Google search sometime and see what crops up).
I was pissed, but there was nothing to do. The Zoso rumors were
pretty much contained to the Ann Arbor area, which was pretty lame
as far as the Elite world was concerned. I still had access to my
NY boards, but I also wasn't hot shit there by any stretch of the
imagination. In Ann Arbor, I was hot shit. In NY, I was just one
of many kids that had a semi-steady supply of fresh codez and NUAs
for trade. I changed my handle in Ann Arbor to The Glass Onion (which
was much cooler than Zoso anyway). Pretty soon, Onion was hot shit
in Ann Arbor, since I was one of the only people that could come
up with codez around there.
NUA Scanner was one of my best friends, and it helped get me in
on some of the tougher boards in NY. I managed to get a copy of
it by pretending to be a girl on one board. Gender switching on-line
was a pretty novel concept back then. Remember, hardly anyone had
a computer, and even fewer people had modems. Even in the underground
community I hung with, hardly anyone knew what the hell the Internet
was. Hardly anyone cared about it anyway, since it was mostly university
Unix machines. (The sad thing is that at the time I knew some Unix...not
a lot, but the little I knew probably could have gotten me into
some pretty Elite boards...oh well) More people were concerned with
Tymnet. Hah, now everyone and their dog knows what the Internet
is, but who the hell nowadays has heard of Tymnet? Does
it even still exist? So I pretended to be a girl, and got access
to a board without having to prove I knew anything or had anything
to trade. I swiftly raided the file areas and grabbed the NUA scanner
before anyone knew I was there. I now had something most people
didn't have (and certainly something those lamers in Ann Arbor didn't
So I'd scan NUAs and have the Tymnet addresses of loads of computers.
I never tried to crack any of them (okay, maybe a couple), I would
just trade the addresses with other people, who would then try to
crack them. The thing was, these other guys would try to crack one
of those systems, thinking if they did they could use that exploit
to get into some gang or other. Well, maybe...I wasn't interested
in stupid hacker gangs anyway...I just wanted to figure things out.
My never ending stream of NUAs got me into some pretty choice boards
My typical day back then started pretty late. Before I went to
bed at about 2AM or so, I would start scanning extenders or NUAs.
I'd wake up, and write down all of the codes or addresses that were
in my result files on a piece of paper. I'd then erase the files
from my computer. At some point I would probably go to work at the
church for a while, that day, where I stashed my little notebook.
I called it my spellbook, and it said write on the cover, "Zoso's
magic spellbook." Inside were pages of codez, notes, VMB numbers,
and system addresses. I kept this notebook stashed in one of the
tunnels in the church that were used to access the steam pipes.
I got really paranoid about all this, since this was right about
the same time Operation
Sundevil went down. The spellbook was either in my pocket (if
I needed it at a Fortress Fone) or in the steam tunnels. Period.
I'd log on to various boards later at night and start looking for
neat things. First I'd dial up the MI educational network, Merit,
and connect to the U of M dial-out pool This was the sweetest thing,
and the fact that it even existed shows you how concerned people
were with security. This was a pool of 30 or so modems at U of M
that you could connect to, then make calls FROM...for free. You
didn't even have to log-in or ANYTHING...there was no way for them
to know, who was using what modem at any given time. What made it
even better is that I would hit my local Merit node, then hop between
4 other nodes, eventually hitting the U of M node from either Houghton
or Traverse City. This made it even harder to trace. All of this
crap was set up inside Merit, you didn't even have to do anything
special, I wouldn't even call it a hack. Stupid, stupid, stupid.
From those U of M dialouts, I'd connect to an Ann Arbor board (local
call from Ann Arbor to Ann Arbor). Or, I'd hit a NY board. To hit
the NY board I'd need an extender, which I would run off the UM
dialouts. If the provider ever traced the call back, it would show
up as originating from a phone line owned by U of M.
On these boards, Id poke around for new codez, new programs,
maybe download a game, or read a War Board for a while if I was
really bored. Flame wars are not new things, and the underground
community probably had way more of them than say, The Well. They
were so common that most underground BBSs had special message boards
called War Boards just for flaming. Since most of the users on these
boards were either Jr. High or High School boys, these flame wars
consisted mostly of name calling, and were generally pretty boring.
I did learn some pretty creative insults from reading them on occasion.
What I eventually discovered is that I had gotten myself into a
cycle. I would get codes to trade for new codez, to get access to
better boards with better codez. I wasnt really learning anything
new, so what was the point? The thrill of doing these naughty things
began to wear thin. Besides, I had just started college as well,
and started dating my first girlfriend at about this time. This
was, at the time, more of a thrill.
Zoso retired with little fanfare. I didnt do any phreaking
or code scanning for months. Then I got bored one night and cracked
open my spellbook. I called a couple of VMBs and was amazed that
in three months the owners of these mail boxes had realized they
had been hacked. I called some New York boards and sent a couple
of messages to Stalker. He had this great new extender file he said
I should try. An extender file was just a list of 800 numbers for
long distance carriers, like the phone number you dial on the back
of those pre-paid phone cards. Attached to each number was a pattern
that indicated how the access code for the service worked. If the
access code was 16 digits long, frequently only 8 of those digits
would be random. This file just indicated which numbers were
random, so the computer didnt have to guess as many numbers.
I plugged this extender file into Fuckin Hacker and ran it all night,
for the first time in months. At about 3AM my mom got a phone call.
It seemed Stalkers little wonder-file was dialing a computer
instead of a phone carrier. This was at some company doing defense
contracting for the DOD, and since the calls started coming in after
5PM, an alarm went off and three guys got paged. They hauled ass
into their office and started tracing the call. Then they called
my mom. Great, thats just great. The guy on the phone wanted
to know where the hell I got this phone number, and why I was dialing
it 15 times in a row. He told my mom he had called another kid who
was dialing it that same night, and the kid told him he got it out
of a computer magazine. Hey, that kid is smart, Oh yeah, thats
where I got it too. He then told her if the number was dialed
again, he would have to call the FBI, the Secret Service, and one
I still dont know exactly what this other agency
was, but I can guess. Thanks Stalker, youre a real pal. Hell,
I dont even know if this guy on the phone was telling the
truth, and I didnt care. If all he wanted to do was scare
me, it worked.
I burned Zosos spellbook the next day.
b i o :
spends his spare time in front of his Mac trying to do constructive
things, but usually ends up screwing around.